This one had me pretty stumped today. We have several windows services that scrape data every night from several third party sites via http and ftp protocols. Up until now we’ve had them running on a different server but last week I transfered them to a new machine running more securly behind a NAT firewall service. I then realised that all my FTP scrapes failed and appeared to be timing out as if the remote server was down. I tried browsing to the site with IE on the same machine and no suprise they also timed out. After some reading I discovered NAT and FTP do not like one another and even after I changed the FTP service to use PASV mode it still failed. I discovered that the windows service “Application Layer Gateway” was in fact the blame and I needed to run the following command on the router to enable FTP NAT routing.
Netsh routing ip nat add ftp
Now my servers behind the router can all use FTP.
Tips 4 developers by me :) 